ITAS Team finds multiple critical vulnerabilities in Hakin9 IT Security Magazine

For the second time in 2 years, the ITAS Security Team has discovered vulnerabilities on the Hakin9 Magazine platform and informed the administrators of the risks. As a token of their appreciation, Hakin9 has awarded the ITAS Team a lifetime subscription to the Magazine.

Established in 2005 by Software Media LLC (Poland), Hakin9 is the English version of a world-renowned magazine on web security issues. The Magazine offers the latest news and information on hackers’ attacks and methods, as well as solutions to protect systems, networks and applications. Also owned by Software Media LLC are 5 other well-established publications (Hakin9 Magazine, Pentest Magazine, eForensics Magazine, Software Developer’s Journal, Hadoop Magazine, Java Magazine), all of them known to and respected by the security community worldwide.

According to Hakin9, the magazine has a database of 100,000 security specialists. All of them, therefore, have been at risk of having their sensitive personal information (such as email and password) disclosed.

“Hakin9 is the biggest IT security magazine in the world, published for 10 years. We have a database of 100 000 IT security specialists.

Hakin9 magazine provides online visitors the exact information they need to stay up to date with the latest IT Security news and solutions and to learn what they can find on Hakin9′s pages. Our website is to help IT Security experts find out what new techniques and tools the hackers and crackers use and what we have prepared for you in the current issue.

It covers techniques of breaking into computer systems, defense and protection methods. Our magazine is useful for everyone interested in securing and hacking – both professionals (security officers, system administrators) and hobbyists.” (HAKIN9 Facebook).

Hakin9’s websites are all built on the WordPress platform, a user-friendly and very popular CMS with both free and paid plugins and themes. However, these plugins can introduce severe vulnerabilities if they are not rigorously checked before being put to use.

In their research, the ITAS Security Team has found a number of vulnerabilities caused by the plugin “Simple Ads Manager” on hakin9.org, pentestmag.com, and eforensicsmag.com. The vulnerabilities include Information Disclosure, SQL Injection, and Arbitrary File Upload, which hackers could exploit to steal sensitive information from the entire website, or worse, to execute malicious code on the server or take it over.

The ITAS Team of security specialists has attempted to contact the plugin producers via wordpress.org’s forums and the producers’ own website several times with no success. With some 20,000 active uses of the plugin, the number of websites being put at severe risk by this plugin is substantial.

1. Disclosing sensitive information (CVE-2015-2826)

Vulnerable versions: 2.5.94, 2.5.96
The file wp-content/plugins/simple-ads-manager/sam-ajax.php exposes many actions (load_users, load_authors, load_cats, load_tags, load_posts, posts_debug, load_stats,…) that can inadvertently reveal users’ sensitive information stored in the database, such as username, email and user role.

2. Uploading files with malicious code (CVE-2015-2825)

The file /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php of version 2.5.94 contains a vulnerable upload function (removed in version 2.5.96) which hackers could exploit to upload malicious code onto the web server.

Vulnerable code: simple-ads-manager/sam-ajax-admin.php, lines 303 to 314.

Demonstration video

Warning: Websites currently using the Simple Ads Manager plugin need to remove it immediately to avoid possible attacks and should only re-install it once the producers have repaired the vulnerabilities.
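
Acting on this warning starts with finding every installation of the plugin. The Python script below is an added example, not part of the ITAS advisory or of the plugin's code: it walks a directory tree of WordPress sites, reads the standard WordPress plugin header to get the installed version, and maps it to the CVEs using only the version information stated above. The root path argument and the output format are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# Version -> CVEs, exactly as stated in the advisory text above.
AFFECTED = {
    "2.5.94": ["CVE-2015-2826", "CVE-2015-2825"],
    "2.5.96": ["CVE-2015-2826"],  # upload function removed, disclosure remains
}
PLUGIN_DIR = "wp-content/plugins/simple-ads-manager"
# Standard WordPress plugin header line, e.g. " * Version: 2.5.94"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)


def plugin_version(plugin_path):
    """Return the Version header from the plugin's main PHP file, or None."""
    for php in sorted(plugin_path.glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers live in the first 8 KB
        match = VERSION_RE.search(head)
        if "Plugin Name:" in head and match:  # only the main file carries this header
            return match.group(1)
    return None


def audit(root):
    """Find every Simple Ads Manager install under root and list applicable CVEs."""
    findings = []
    for plugin_path in sorted(Path(root).rglob(PLUGIN_DIR)):
        if not plugin_path.is_dir():
            continue
        version = plugin_version(plugin_path)
        findings.append({
            "path": str(plugin_path),
            "version": version,
            # Unknown or unlisted versions get no CVEs here; review them by hand.
            "cves": AFFECTED.get(version, []),
            "ajax_files": [f for f in ("sam-ajax.php", "sam-ajax-admin.php")
                           if (plugin_path / f).is_file()],
        })
    return findings


if __name__ == "__main__":
    for f in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        status = ", ".join(f["cves"]) or "version not listed in the advisory, check manually"
        print(f"{f['path']}  version={f['version']}  {status}")
```

A version that is not listed in the advisory is reported for manual review rather than treated as safe, since the text above gives no fixed version.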
